42.200.106.20 - IPInfo

基本信息:

城市(city): Central

省份(region): Central and Western District

国家(country): Hong Kong

运营商(isp): PCCW IMS Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Web app attack attempt	2019-12-04 03:13:38
attackspambots	[SatSep2814:27:37.6997652019][:error][pid4918:tid47123242419968][client42.200.106.20:40142][client42.200.106.20]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles\(disablethisruleifyourequireaccesstofilesthatendwith.sql\)"][severity"CRITICAL"][hostname"www.ilgiornaledelticino.ch"][uri"/xxx.sql"][unique_id"XY9RuTZZ@6h78vMmw87QvQAAAEo"][SatSep2814:27:38.7601872019][:error][pid4696:tid47123265533696][client42.200.106.20:40524][client42.200.106.20]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles\(disablethisruleifyourequireaccesstofilesthatendwith.sql\)"][severity	2019-09-29 03:30:44

类型

评论内容

时间

attackbots

Web app attack attempt

2019-12-04 03:13:38

attackspambots

[SatSep2814:27:37.6997652019][:error][pid4918:tid47123242419968][client42.200.106.20:40142][client42.200.106.20]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles\(disablethisruleifyourequireaccesstofilesthatendwith.sql\)"][severity"CRITICAL"][hostname"www.ilgiornaledelticino.ch"][uri"/xxx.sql"][unique_id"XY9RuTZZ@6h78vMmw87QvQAAAEo"][SatSep2814:27:38.7601872019][:error][pid4696:tid47123265533696][client42.200.106.20:40524][client42.200.106.20]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles\(disablethisruleifyourequireaccesstofilesthatendwith.sql\)"][severity

2019-09-29 03:30:44

相同子网IP讨论:

IP	类型	评论内容	时间
42.200.106.1	attackbots	Unauthorized connection attempt from IP address 42.200.106.1 on Port 445(SMB)	2020-10-11 03:02:04
42.200.106.1	attackbotsspam	Unauthorized connection attempt from IP address 42.200.106.1 on Port 445(SMB)	2020-10-10 18:52:54
42.200.106.101	attackbotsspam	1589961388 - 05/20/2020 09:56:28 Host: 42.200.106.101/42.200.106.101 Port: 445 TCP Blocked	2020-05-20 22:49:57
42.200.106.90	attackspambots	Fail2Ban Ban Triggered	2019-10-31 13:23:44

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.200.106.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41915
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.200.106.20.			IN	A

;; AUTHORITY SECTION:
.			576	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092801 1800 900 604800 86400

;; Query time: 442 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 29 03:30:41 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

20.106.200.42.in-addr.arpa domain name pointer 42-200-106-20.static.imsbiz.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
20.106.200.42.in-addr.arpa	name = 42-200-106-20.static.imsbiz.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
103.94.190.4	attackspam	Jan 4 06:56:49 taivassalofi sshd[164648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.190.4 Jan 4 06:56:51 taivassalofi sshd[164648]: Failed password for invalid user pp from 103.94.190.4 port 27400 ssh2 ...	2020-01-04 13:17:44
113.141.70.115	attackspambots	Unauthorized connection attempt detected from IP address 113.141.70.115 to port 1433	2020-01-04 09:27:47
1.29.26.103	attackbotsspam	Unauthorized connection attempt detected from IP address 1.29.26.103 to port 1433	2020-01-04 09:13:43
108.183.89.188	attack	DATE:2020-01-04 05:57:07, IP:108.183.89.188, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc)	2020-01-04 13:05:38
27.74.193.167	attack	DATE:2020-01-04 05:57:05, IP:27.74.193.167, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc)	2020-01-04 13:08:29
100.73.26.212	spambotsattackproxynormal	Jalpan	2020-01-04 11:09:30
211.157.2.92	attackbots	Jan 3 18:53:49 web9 sshd\[11385\]: Invalid user tirocu from 211.157.2.92 Jan 3 18:53:49 web9 sshd\[11385\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.157.2.92 Jan 3 18:53:50 web9 sshd\[11385\]: Failed password for invalid user tirocu from 211.157.2.92 port 23543 ssh2 Jan 3 18:57:15 web9 sshd\[11978\]: Invalid user shekhar from 211.157.2.92 Jan 3 18:57:15 web9 sshd\[11978\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.157.2.92	2020-01-04 13:00:18
222.186.175.151	attackspam	2020-01-04T05:03:55.673541hub.schaetter.us sshd\[20389\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.151 user=root 2020-01-04T05:03:57.311747hub.schaetter.us sshd\[20389\]: Failed password for root from 222.186.175.151 port 6900 ssh2 2020-01-04T05:04:00.554252hub.schaetter.us sshd\[20389\]: Failed password for root from 222.186.175.151 port 6900 ssh2 2020-01-04T05:04:03.554369hub.schaetter.us sshd\[20389\]: Failed password for root from 222.186.175.151 port 6900 ssh2 2020-01-04T05:04:07.288820hub.schaetter.us sshd\[20389\]: Failed password for root from 222.186.175.151 port 6900 ssh2 ...	2020-01-04 13:05:21
42.62.12.54	attackbotsspam	51.158.173.243 42.62.12.54 - - [03/Jan/2020:23:21:29 +0000] "GET /TP/public/index.php HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" 51.158.173.243 42.62.12.54 - - [03/Jan/2020:23:21:29 +0000] "GET /TP/index.php HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)" ...	2020-01-04 09:09:08
100.73.26.212	spambotsattackproxynormal	Jalpan	2020-01-04 11:03:16
184.105.247.243	attackspambots	" "	2020-01-04 13:00:51
46.101.1.198	attackspam	$f2bV_matches	2020-01-04 13:10:23
1.54.222.220	attack	Unauthorized connection attempt detected from IP address 1.54.222.220 to port 23	2020-01-04 09:12:44
113.62.127.194	attack	Unauthorized connection attempt detected from IP address 113.62.127.194 to port 1433	2020-01-04 09:28:42
123.243.25.76	attackbots	Jan 3 18:51:28 php1 sshd\[9049\]: Invalid user webmaster from 123.243.25.76 Jan 3 18:51:28 php1 sshd\[9049\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.243.25.76 Jan 3 18:51:30 php1 sshd\[9049\]: Failed password for invalid user webmaster from 123.243.25.76 port 51102 ssh2 Jan 3 18:57:12 php1 sshd\[9484\]: Invalid user hinfo from 123.243.25.76 Jan 3 18:57:12 php1 sshd\[9484\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.243.25.76	2020-01-04 13:02:22

最近上报的IP列表

40.64.111.165	32.73.39.90	86.236.175.100	156.231.184.172
79.82.166.113	90.120.108.19	66.78.97.249	190.64.167.86
109.110.138.73	71.16.71.90	185.205.126.224	117.155.36.159
103.6.196.77	108.134.55.130	165.74.92.191	118.216.197.43
84.129.225.62	155.234.15.236	189.187.254.71	70.18.39.26